Github user vanzin commented on the issue:
https://github.com/apache/spark/pull/14694
> Spark thrift server needs to access hive metastore principal
That's not true. It needs access to the credentials of a user that can talk
to the metastore. That can be any user credential, it doesn't need to be a
service credential.
> Besides that I think there's another possibility that user might develop
a custom service based on spark, in this case they also need service principal.
That would only make any difference if the thrift server were doing
authentication, which it's not.
It's not about being safe or not, it's about encouraging the use of
Kerberos in the right way. We've already -1'ed similar patches in the past for
the same reason.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org
For additional commands, e-mail: reviews-h...@spark.apache.org
